-
08:55 AEST
WELCOME & INTRODUCTION
-
09:00 AEST
Opening Keynote: The high-stake game of public sector cybersecurity
Deanne Sowers - First Assistant Director-General Cyber Threat Intelligence - Australian Signals Directorate (Australia)
Hear our keynote discuss the impact of cyber attacks and what can be learnt from them.
- What are the impacts of cyberattacks on the public sector for society, businesses, and economies, and what can we learn?
- Understand what is at stake for a government organisation
- Understanding the convergence of advanced persistent threats (APT) and cybercrime, and how it affects the public sector
-
09:20 AEST
The importance of security when integrating new technologies
David Bell - Manager, Solution Consulting – Technology Workflows - ServiceNow
Learn how to integrate new technologies into your outdated systems while maintaining security. This session will discuss:
- Assessing the risks of introducing a new system into an incumbent one and how to reduce the attack surface
- Understanding the advantage of integrating new technology and getting employees on board
- Assuring citizen customers about prevention strategies around the vulnerabilities of new technology
-
09:40 AEST
Panel Discussion: Critical infrastructure protection - Risks and best practices
Hear from our expert panel on how they assess the risks and best practices of the critical infrastructure within an organisation to comply with security regulations. The panel will consider:
- Recognising the vulnerabilities of critical infrastructure in the region
- Comprehending the Security for Critical Infrastructure Act and how it shapes cybersecurity strategies
- Exploring what has been done in the past to prevent attacks or mitigate the effect of an attack
Asaf Ahmad, President, ISACA Sydney Chapter
Panellists:
Toby Amodio, CISO, Department of Parliamentary Services
Arjun Xavier, Staff Officer Cybersecurity and Cyberworthiness, Royal Australian Air Force
Brodie Cribb, Advisor Cyber Security, Australian Government
-
10:15 AEST
What are phishing resistant MFAs, and why should I care about them?
Brett Winterford - Senior Director, CSO APJ - Okta
We live on the cusp of an era where user experience and security are no longer a trade-off when it comes to authorising users' access to technology. With biometrics included on all modern devices, and strong adoption of secure standards available, we can now provide users a great experience without compromising security. Within the last year or so, cyber criminals have utilised "as a service" tools to turn simple phishing campaigns into attacks that bypass most common forms of MFA. This ultimately forces us to be more selective about which authenticators are used to protect access to resources. This session will guide you through some of these latest attack techniques and provide advice on how to protect your users from account takeovers and identity theft.
-
10:35 AEST
Presentation: Approaching cybersecurity as a shared responsibility
Jason Anderson - CISO - Australian Retirement Trust
Hear from our two speakers as they reflect on how they have approached cyber security in their careers as a shared responsibility to strengthen frontiers in any organisation.
- Creating awareness and building a culture that is driven by cybersecurity
- Encouraging and empowering government officers to take ownership of their organisation’s security
- Lessons learnt from other industries/sectors that could be adopted into the public sector
-
10:55 AEST
Never Login Again: The Path to Passwordless is Paved with Orchestration
Johan Fantenberg - Principal Solutions Architect - ForgeRock
Passwordless authentication is gaining momentum with good reason. Users love it and would-be intruders hate it. So why hasn’t it caught on more quickly? Many enterprises are saddled with legacy technology, identity silos, and complex policies. But now you can orchestrate and scale passwordless journeys for your customers using contextual factors, such as user location, behaviour, and device — driven by continuous AI-powered orchestration.
Join this session to explore the evolution to passwordless and how to enable it for your legitimate users while reducing the risk of unauthorised access. In this session you will learn to navigate the options for a passwordless world.
-
11:15 AEST
Case Study: Business Intelligence perspective in a data breach
Randy Bryan Panopio - Team Leader of Spatial Information and Data Management - Waikato Regional Council, New Zealand
Join this session as we look at the Business Intelligence perspective in a data breach.
- How can the CISO work with BI to continue to serve the customer in a breach?
- If a data breach happens, what could you do and what will you wish you had done?
- How do you enable the company to operate BAU with a data breach?
-
11:35 AEST
How to unlock your company’s DevSecOps potential
Niroshan Rajadurai - Sr. Director Global - GitHub Advanced Security Sales
Security is a shared responsibility between developers and security professionals for businesses and the industry at large. We must all contribute at an individual, organizational, and community level to succeed. In this session by GitHub, you will learn how to deliver highly secure software and services by building security into development and operations and making security principles and practices an integral part of your DevOps processes. Even if you have deeply-rooted existing processes, legacy software, multiple teams, and projects, you can learn how to unlock your company’s DevSecOps potential.
- Understand how developer-first DevSecOps can transform your remediation rates
- Learn the first steps your organization can take in your DevOps to DevSecOps journey
- Understand how to successfully deploy application security in a cloud-native environment
-
11:55 AEST
Protecting our community from cyber threats and controlling email fraud across NSW Government email domains.
Digital scams are on the rise, with business email compromise scams costing Australian businesses over $81.45 million in the 2020-2021 financial year, an increase of nearly 15 per cent from the previous financial year. To ensure NSW is prepared to tackle the threat of compromised business emails, the NSW Government has introduced DMARC, a Domain-based Message Authentication, Reporting and Conformance tool.
Speakers:
Mark Brittain, Senior Project Manager DMARC, Infrastructure Security, Cyber Security NSW (Australia)
Bethany Boxall, Assistant Project Officer, Cyber Security NSW (Australia)
-
12:15 AEST
Data breaches from eWaste: What are your regulatory obligations for ICT disposals and how to meet them
Jamie Miller - Director - WV Technologies
ICT disposal is often an afterthought. This session outlines:
- The frightening number of data breaches resulting from incorrect ICT disposals
- The requirements and recommendations of the Information Security Manual and the Australian Privacy Principles for data sanitisation and destruction
- How you can ensure you are meeting all regulatory and cyber insurance obligations when disposing of your ICT equipment
-
12:35 AEST
Strategies to mitigate cyber security incidents
James DeLuca - Manager - Cyber Security Engineering - NSW Police Force
It’s important to review your processes to mitigate vulnerable and weak points in your systems to reduce the risks of cyberattacks. This session will discuss:
- Minimising the impacts of cyber-attacks on business operations and citizens
- Laying out comprehensive strategies to prepare employees for an attack
- Communicating the steps to prevent and respond to an attack to employees and citizens
-
12:55 AEST
CISO Public Sector ANZ End
-
9:50
Welcome & Introduction to Broadcast
-
10:00
Presentation: Creating and Refining Strategies for Resilience – An Integrated Approach for Protection and Response
- Stronger individual agency cyber security and technology for an uplift to resilience as a whole
- Collaboration and sharing best practices for a united front against bad actors
- Mitigating risk by educating your workforce, addressing the skills shortage and revising and implementing new policies
Speaker: Dr Nalin Arachchilage, Lecturer in Cyber Security and Honorary Associate Professor, The University of Auckland, NZ and University of Warwick, UK (New Zealand)
-
10:25
Partner Presentation: Getting Identity Access Management (IAM) right in the public sector
Identity and access management provides control over user validation and resource access. Commonly known as IAM, this technology ensures that the right people access the right digital resources at the right time and for the right reasons. But how do you ensure that IAM is used right in the public sector? Join this session to hear how.
- Understanding the benefits, risks, and implications of using IAM
- Implementing IAM effectively in the public sector and lessons learnt from other applications
- Exploring the cybersecurity implications of IAM and how to mitigate vulnerabilities
-
10:50
Case Study: Protecting our community from cyber threats and controlling email fraud across NSW Government email domains.
Digital scams are on the rise, with business email compromise scams costing Australian businesses over $81.45 million in the 2020-2021 financial year, an increase of nearly 15 per cent from the previous financial year. To ensure NSW is prepared to tackle the threat of compromised business emails, the NSW Government has introduced DMARC, a Domain-based Message Authentication, Reporting and Conformance tool.
Speaker: Mark Brittain, Senior Project Manager DMARC, Infrastructure Security, Cyber Security NSW (Australia)
-
11:15
Presentation: Educating the workforce on social engineering schemes and how to respond
When users fall victim to social engineering attacks, provide education in place of punishment.
Staff education on how to identify social engineering attacks and the appropriate response can provide your staff with valuable experience and knowledge.
Join this session to hear how these two speakers have incorporated education into the workforce and more.
- What are social engineering schemes and what does the lifecycle look like in the public sector
- Exploring different technologies to detect and neutralise social engineering attempts
- Identifying ways to prevent social engineering – technologies and education
Speaker: Chetan Prasad, Head of Security and Risk, Chief Information Security Officer (CISO), Office of the Controller and Auditor-General of New Zealand (New Zealand)
-
11:40
Presentation: Strategies to mitigate cyber security incidents
It’s important to review your processes to mitigate vulnerable and weak points in your systems to reduce the risks of cyberattacks. This session will discuss:
- Minimising the impacts of cyber-attacks on business operations and citizens
- Laying out comprehensive strategies to prepare employees for an attack
- Communicating the steps to prevent and respond to an attack to employees and citizens
Speaker: James DeLuca, Cyber Security Engineering Manager, Security Command, Digital Technology & Innovation, NSW Police Force (Australia)
-
12:05
Partner Presentation: Automating Security Operations Centre (SOC) for the public sector
Many trends are driving investment in security automation and orchestration; two of the leading factors are a shortage of skilled security professionals and the volume, velocity, and complexity of attacks. These two industry experts will discuss:
- Using AI/ML to monitor and respond to cyberattack alerts
- Addressing the challenges of automation
- Understanding operational impact in undertaking the SOC automation journey
-
12:30
Presentation: Refining processes to reduce inside threat risks and human errors
Alexander Pope famously said, “To err is human”, and not much has changed. We all make mistakes, and some people are more prone to making mistakes than others. The question is: What do you do about it? Join the session to hear two industry experts discuss how they refine the process to reduce inside threats and human errors.
- Testing current processes to detect potential attack surfaces and mitigating the vulnerabilities
- Revising processes to ensure vulnerabilities are mitigated and new attack-prevention methods are in place
- Assessing the benefits of threat intelligence sharing across different organisations
Speaker: Angi Alfred, Principal Project Director, ICT, Health Infrastructure (Australia)
-
12:55
Presentation: Securing the digital future - Laying out a framework to secure technology adoption
Join this industry expert as they discuss the framework they see for a public sector that, in pursuing a digital approach, is opening itself up to greater cybersecurity risks.
- Staying abreast of what future attacks on critical infrastructure could be and planning for a response
- Monitoring citizen customers’ evolving needs and demands to provide secure services
- Identifying new cybersecurity talents to build resilience in cyber defence
Speaker: Mike Jagusch, Manager Mission Enablement, National Cyber Security Centre (New Zealand)
-
14:15 AEST
CISO Public Sector ANZ End